topic Could you please attach the in Network Security

Cisco ASA syslog command issue

goodbye2015 — Tue, 12 Mar 2019 09:19:11 GMT

Cisco ASA 5550

Cisco Adaptive Security Appliance Software Version 8.2(5)
Device Manager Version 6.4(9)
System image file is "disk0:/asa825-k8.bin"

===============================================

Such a thing happened today, my asa using remote syslog server. previous configuration as follows:

asa# sh run | include logging
logging enable
logging trap warnings

logging host dmz_service 192.168.100.16

i was creating a new syslog server 192.168.100.17 using tcp port 11001 to accept remote message. so i made the modification.

asa(config)# logging host dmz_service 192.168.100.17 tcp/11001

WARNING: interface Rdundant1.15 security level is 60.

why this warning pop up,after that, all traffic between the zones was forbid on ASA.

unbelievably. it was recovery when i "no logging host dmz_service 192.168.100.17 tcp/11001"

it cause severe productive accident.i feel so confused until now. anybody can help me?

Could you please attach the

Ajay Saini — Thu, 04 May 2017 18:02:24 GMT

Could you please attach the output of 'show nameif'

-AJ

Please check if the host 192

Akhil.Balachandran — Thu, 04 May 2017 19:54:44 GMT

Please check if the host 192.168.100.17 is reachable from the ASA. On the ASA, if the TCP SYSLOG server is unreachable, it will drop all traffic through the device. This is a default behavior on the ASA.

http://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/63884-config-asa-00.html

To change the default behavior, configure the option "logging permit-hostdown" . This will make sure all the connection through the ASA is not denied, if the SYSLOG server is unreachable from the ASA.

http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/command/reference/cmd_ref/l2.html

Regards

Akhil

got it.

goodbye2015 — Fri, 05 May 2017 03:53:14 GMT

got it.

thank you for your help!